Enabling Encryption Between Gateway and P6 Web Services for On-Premises

To ensure all requests and responses between Primavera Gateway and P6 Web Services are encrypted, you need a keystore file for encryption. There are several methods for generating a keystore file.

You can use the following sequence to generate and use the same keystore file on all servers:

  1. Create a Keystore file as follows:
    1. Create a folder, for example, C:/keystore.
    2. Use the Java keytool genkey command to create a keystore with the private key:

      From the command line, execute:

      keytool -genkey -alias <alias_name> -keyalg RSA -sigalg SHA1withRSA -keypass <keyPassword> -storepass <storePassword> -keystore <keystore file location>

      Where:

      <alias> is the key alias

      <keyPassword> is the password of the private key

      <storePassword> is the password of the keystore

      For example:

      keytool -genkey -alias myAlias -keyalg RSA -sigalg SHA1withRSA -keypass myPassword -storepass myPassword -keystore c:\keystore\keystore.jks

    3. Enter information for each of the following questions:
      • What is your first and last name?

        Enter the Gateway host name.

      • What is the name of your organization?
      • What is the name of your city or locality?
      • What is the name of your state or province?
      • What is the two-letter country code for this unit? For example, US.
      • Is CN=<Gateway host name>, OU=<organization unit name>, O=<organization name>, L=<location>, ST=<state code>, C=<country code> correct? Enter Y or N.

        Note: If P6 Web Services is deployed on other than a Gateway machine, then copy the keystore folder with keystore.jks to the P6 Web Services machine.

  2. In the Gateway user interface, select the Configuration tab and enter deployment information for P6. For more details, see Adding or Editing a P6 Deployment Connection.
  3. In P6 EPPM administration application:
    1. Enter the keystore information that was entered in the keystore file. The values must be identical.
    2. Modify the message protection node setting as follows:
      • Set the Require Timestamp value as True.
      • Set the Require Digital Signature for Incoming Messages value as True.
      • Set the Require Encryption for Incoming Messages value as True.
      • In the KeyStore Type field, enter JKS.
      • In the File Location field, enter the location of the .jks file. For example, c:\keystore\keystore.jks
      • In the KeyStore Password field, enter the password for the keystore file provided in keytool command.
      • In the Private Key Alias field, enter the alias name provided in keytool command.
      • In the Private Key Password field, enter the private key password for the keystore file provided in the keytool command.
      • If the encryption is on in Primavera Gateway, then NONCE and CREATED are included in the header for UserName Token authentication. To enable this:
      • Set the NONCE value as True.
      • Set the CREATED value as True.
  4. After encryption is set, restart P6 Web Services.

Legal Notices | Your Privacy Rights
Copyright © 2021

Last Published Thursday, December 16, 2021